This signature file may be used to cryptographically verify file integrity, like this:: $ gpg --keyserver hkp://keyserver.ubuntu.com --recv-keys 0xA16EB94D $ gpg --list-keys 0xA16EB94D pub 2048R/A16EB94D 2008-08-15 [expires: 2023-08-12] uid Turnkey Linux Release Key $ gpg --verify turnkey-tomcat-apache-13.0-wheezy-i386-xen.tar.bz2.sig gpg: Signature made Fri Nov 1 09:53:04 UTC 2013 using RSA key ID A16EB94D gpg: Good signature from "Turnkey Linux Release Key" For your convenience we also include file checksums: * sha1sum c7f32103b5437ceb7ccb792c912695568a58a514 * md5sum a2fbde02a2687d65df57eef609773ef1 You can calculate these on your end and compare to check for errors, but cryptographic verification is recommended for security reasons. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iQEcBAABAgAGBQJSc3n1AAoJEIXCXpWhbrlNEh8IAKsoqLMJcW6XsBldX5W+Zvoy RkJORNewV8eK4efh1l1tHKtymOnZi8jc63p9Ip+P6WBMu18TF7vEGZmJ+wnyFHAn sCSs3jRiBSmuJ9Zua3IyI8lxjMaoe3yX6Dafg/IpKuLmciSFUhqSEiMnEWLQfAPE +MJz81syfo5xCjGjmo4NwcjKjaTzw3Z5IKr8vuDB+suByL4yp6YyxRTPGNUCs2v4 VIyBSyPzQP0pozvF3CwiqBVBikuuGrJ7fWDqWbNSqMGwG4iWfLa65z8xWQLjTnzq l2POtjDSchvxy9uJODL6HvbtXlEnwMH5NpSB8J55hbZh+EaMdUdGqqlmlLzAlyc= =QYTr -----END PGP SIGNATURE-----